Thursday, January 30, 2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 19 new rules and made modifications to 15 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:

The Sourcefire VRT has added and modified multiple rules in the
blacklist, browser-webkit, exploit-kit, file-java, file-multimedia,
malware-cnc, pua-adware and server-webapp rule sets to provide coverage
for emerging threats from these technologies.

In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Tuesday, January 28, 2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 3 new rules and made modifications to 1 additional rule.

There were no changes made to the snort.conf in this release.

In VRT's rule release:

The Sourcefire VRT has added and modified multiple rules in the
policy-social rule set to provide coverage for emerging threats from
these technologies.

In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Friday, January 24, 2014

[*] New additions
* Add support to do file specific processing within DCERPC preprocessor for
files being transferred over SMB.

* File capture and storage -- saves files as they traverse the network via a
new preprocessor that ties in support within HTTP, FTP, SMTP, POP, IMAP,
and SMB. See README.file and README.file_server (under tools/file_server)
for details.

* Add <= and >= operators to byte_test rule option.

* Update SMTP to detect Cyrus SASL authentication attack.

* Add capability to capture a single session from start to end.

* EXPERIMENTAL: Add support to leverage file type identification in snort
rules. See README.file_ips for details.

[*] Improvements

* Only inject active responses when a TCP session is established.

* Update the POP and IMAP protocols to support simple PAF for improved
identification and capture of files.

In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Thursday, January 16, 2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 35 new rules and made modifications to 2 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Yaser Mansour:
29377
29378
29379
29380

In VRT's rule release:

The Sourcefire VRT has added and modified multiple rules in the
app-detect, blacklist, browser-webkit, dos, exploit-kit, file-identify,
file-pdf, malware-cnc, malware-other and server-webapp rule sets to
provide coverage for emerging threats from these technologies.

In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Tuesday, January 14, 2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 46 new rules and made modifications to 37 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Avery Tarasov:

29349

In VRT's rule release:

Microsoft Security Bulletin MS14-002:
A programming error in the Microsoft Windows Kernel-Mode NDProxy Driver
could lead to an escalation of privilege.

Previously released rules will detect attacks targeting this
vulnerability and have been updated with the appropriate reference
information. They are included in this release and are identified with
GID 1, 28867 through 28872.

The Sourcefire VRT has also added and modified multiple rules in the
app-detect, blacklist, exploit-kit, file-office, file-pdf, malware-cnc,
os-windows, protocol-dns, protocol-imap, protocol-scada, pua-p2p and
web-client rule sets to provide coverage for emerging threats from
these technologies.

In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Thursday, January 2, 2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 73 new rules and made modifications to 10 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:

The Sourcefire VRT has added and modified multiple rules in the
blacklist, browser-ie, browser-plugins, exploit-kit, file-office,
indicator-compromise, malware-backdoor, malware-cnc, malware-other and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!